From 32c8818ef59dd386e8824bc98243428ea5bdccb0 Mon Sep 17 00:00:00 2001 From: Sameeh Jubran Date: Wed, 18 Mar 2026 13:15:49 +0200 Subject: [PATCH 1/2] Fix missing wc_AesFree on wc_AesGcmSetKey failure in Unwrap functions _AesGcmKeyUnwrap and _AesGcmDataUnwrap leaked an initialized AES context when wc_AesGcmSetKey failed after a successful wc_AesInit. Add wc_AesFree calls to match the cleanup pattern in the Wrap siblings. Signed-off-by: Sameeh Jubran --- src/wh_server_keystore.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/wh_server_keystore.c b/src/wh_server_keystore.c index 565975dd3..8b2a378ae 100644 --- a/src/wh_server_keystore.c +++ b/src/wh_server_keystore.c @@ -1037,6 +1037,7 @@ static int _AesGcmKeyUnwrap(whServerContext* server, uint16_t serverKeyId, ret = wc_AesGcmSetKey(aes, serverKey, serverKeySz); if (ret != 0) { + wc_AesFree(aes); return ret; } @@ -1171,6 +1172,7 @@ static int _AesGcmDataUnwrap(whServerContext* server, uint16_t serverKeyId, ret = wc_AesGcmSetKey(aes, serverKey, serverKeySz); if (ret != 0) { + wc_AesFree(aes); return ret; } From a260f9b0db843e6d47fd80e8d973c7fde5671be3 Mon Sep 17 00:00:00 2001 From: Sameeh Jubran Date: Wed, 18 Mar 2026 17:03:03 +0200 Subject: [PATCH 2/2] Fix TCP partial send retry computing negative remaining size send_size was only computed inside the initial-write block, so on a retry after a partial send it stayed 0, making remaining_size negative. That value wrapped to a huge size_t in send(), causing an immediate fatal error and making partial TCP writes unrecoverable. Move the send_size calculation before the conditional so it is always set from the caller-supplied size, regardless of whether this is the first attempt or a retry. Signed-off-by: Sameeh Jubran --- port/posix/posix_transport_tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/port/posix/posix_transport_tcp.c b/port/posix/posix_transport_tcp.c index 9e652d4f8..a87bcf5ef 100644 --- a/port/posix/posix_transport_tcp.c +++ b/port/posix/posix_transport_tcp.c @@ -120,12 +120,12 @@ static int posixTransportTcp_Send(int fd, uint16_t* buffer_offset, return WH_ERROR_BADARGS; } + send_size = sizeof(uint32_t) + size; if(*buffer_offset == 0) { /* Initial write. Copy data to buffer */ /* Prepend packet data with the size in network order */ *packet_len = htonl((uint32_t)size); memcpy(packet_data, data, size); - send_size = sizeof(uint32_t) + size; } int remaining_size = send_size - *buffer_offset;